Upgrading Cyber Security Architecture is Imperative

Written by: Dr Manish Prateek, Professor and Associate Dean, Centre for Information Technology, University of Petroleum and Energy Studies

Published: Monday, August 29, 2016, 13:04 [IST]

Governments around the world are increasingly getting worried over incitement of violent extremism in cyberspace. For developing countries like India which have started realising that 14-1439525466-cybersecurity-602the full potential of digital space for e-governance and the digital economy, developing norms around the security and stability of the internet is paramount.

With little control over the hardware used by internet users as well as the information that is carried through them, India's national security architecture faces a difficult task in cyberspace. The massive gap between the security offered by the cheapest phone in the Indian market and a high-end smart phone makes it virtually impossible for regulators to set legal and technical standards for data protection.

Broadly speaking, the infrastructure is susceptible to four kinds of digital intrusions: espionage, which involves intruding into systems to steal information of strategic or commercial value; cyber crime with reference to electronic fraud or other acts of serious criminal consequences; attacks intended at disrupt services or systems for a temporary period; and war caused by a large-scale and systematic digital assault on India's critical installations.

In 2014, the Prime Minister's Office (PMO) created the position of National Cyber Security Coordinator. There is, however, a need of a robust national security architecture that can assess the nature of cyber threats and respond to them effectively. India's civilian institutions have their own fire-fighting agencies, and the armed forces have their own insulated platforms to counter cyber attacks.

Technology - and not legislation - is the only suitable solution to challenges posed by technology itself. Norms, regulations and laws must be designed so as to allow technology to be its own antidote. As estimated by NASSCOM's Cybersecurity Task Force, India needs one million trained cyber security professionals by 2025. The current estimated number is 62,000.

The internet, with its unparalleled information delivery systems and aggregation capabilities, has revolutionised communication. But these same features unwittingly lead to insecurity in the ways the medium is used. This insecurity is particularly acute for nascent digital economies like India, where decisions by the government or regulators to curtail access or seek back doors cannot be characterised in binary tones. At the same time, global cyber-norms must be sensitive to local or national contexts - economic, social and political - rather than reinforcing the narrative that cyberspace is truly seamless.

Being one of the emerging superpowers, it is imperative that we develop our own IT infrastructure and technologies. India should encash on the demand-supply gap when it comes to technology requirement by other nations. We should develop indigenous technologies and export them to other countries.

The government should put in place an integrated technological framework for 100 Smart Cities. At the same time, a large number of professionals must be trained for better personal and national security. In today's age, terrorist attacks or other attacks can happen by barging into our data systems and hacking sensitive information.

If government initiatives like 'Make in India' and 'Digital India' are to succeed, then we need the right human resources which can protect our information and data. Just the way we need soldiers on our borders to protect geographical boundaries, the country needs an army of IT professionals to keep us safe in the digital cyberspace.

We need to introduce cyber security courses at graduate level and encourage international certification bodies to introduce various skill-based cyber security courses and performance-based skill testing practical examinations. We also need to provide hands-on training using concepts like virtual labs and cyber ranges.